The macro 'DECLARE_NEXT_HOLE_ADDR' may hit a potential null-pointer dereference. So use 'entry' after checking it.
Fixes: 5fad79fd66ff ("drm/mm: cleanup and improve next_hole_*_addr()") Signed-off-by: Jing Xiangfeng jingxiangfeng@huawei.com --- drivers/gpu/drm/drm_mm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c index a4a04d246135..6fcf70f71962 100644 --- a/drivers/gpu/drm/drm_mm.c +++ b/drivers/gpu/drm/drm_mm.c @@ -392,11 +392,14 @@ first_hole(struct drm_mm *mm, #define DECLARE_NEXT_HOLE_ADDR(name, first, last) \ static struct drm_mm_node *name(struct drm_mm_node *entry, u64 size) \ { \ - struct rb_node *parent, *node = &entry->rb_hole_addr; \ + struct rb_node *parent, *node; \ \ - if (!entry || RB_EMPTY_NODE(node)) \ + if (!entry) \ return NULL; \ \ + node = &entry->rb_hole_addr; \ + if (RB_EMPTY_NODE(node)) \ + return NULL; \ if (usable_hole_addr(node->first, size)) { \ node = node->first; \ while (usable_hole_addr(node->last, size)) \
Am 10.09.20 um 04:38 schrieb Jing Xiangfeng:
The macro 'DECLARE_NEXT_HOLE_ADDR' may hit a potential null-pointer dereference. So use 'entry' after checking it.
I don't see a potential null-pointer dereference here.
Where should that be?
Christian.
Fixes: 5fad79fd66ff ("drm/mm: cleanup and improve next_hole_*_addr()") Signed-off-by: Jing Xiangfeng jingxiangfeng@huawei.com
drivers/gpu/drm/drm_mm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c index a4a04d246135..6fcf70f71962 100644 --- a/drivers/gpu/drm/drm_mm.c +++ b/drivers/gpu/drm/drm_mm.c @@ -392,11 +392,14 @@ first_hole(struct drm_mm *mm, #define DECLARE_NEXT_HOLE_ADDR(name, first, last) \ static struct drm_mm_node *name(struct drm_mm_node *entry, u64 size) \ { \
- struct rb_node *parent, *node = &entry->rb_hole_addr; \
- struct rb_node *parent, *node; \ \
- if (!entry || RB_EMPTY_NODE(node)) \
- if (!entry) \ return NULL; \ \
- node = &entry->rb_hole_addr; \
- if (RB_EMPTY_NODE(node)) \
return NULL; \
On 2020/9/10 16:58, Christian König wrote:
Am 10.09.20 um 04:38 schrieb Jing Xiangfeng:
The macro 'DECLARE_NEXT_HOLE_ADDR' may hit a potential null-pointer dereference. So use 'entry' after checking it.
I don't see a potential null-pointer dereference here.
Where should that be?
In current code,the "entry" pointer is checked after entry->rb_hole_addr. Thanks
Christian.
Fixes: 5fad79fd66ff ("drm/mm: cleanup and improve next_hole_*_addr()") Signed-off-by: Jing Xiangfeng jingxiangfeng@huawei.com
drivers/gpu/drm/drm_mm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c index a4a04d246135..6fcf70f71962 100644 --- a/drivers/gpu/drm/drm_mm.c +++ b/drivers/gpu/drm/drm_mm.c @@ -392,11 +392,14 @@ first_hole(struct drm_mm *mm, #define DECLARE_NEXT_HOLE_ADDR(name, first, last) \ static struct drm_mm_node *name(struct drm_mm_node *entry, u64 size) \ { \
- struct rb_node *parent, *node = &entry->rb_hole_addr; \
- struct rb_node *parent, *node; \ \
- if (!entry || RB_EMPTY_NODE(node)) \
- if (!entry) \ return NULL; \ \
- node = &entry->rb_hole_addr; \
- if (RB_EMPTY_NODE(node)) \
return NULL; \ if (usable_hole_addr(node->first, size)) { \ node = node->first; \ while (usable_hole_addr(node->last, size)) \.
dri-devel@lists.freedesktop.org
-
Christian König -
Jing Xiangfeng